Headline
CVE-2022-29655: Wedding Management System Unrestricted File Upload + Remote Code Execution
An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
HackMD
- Create new note
- Create a note from template
- Options
- Versions and GitHub Sync
- Transfer ownership
- Delete this note
- Template
- Save as template
- Insert from template
- Export
- Dropbox
- Google Drive
- Gist
- Import
- Dropbox
- Google Drive
- Gist
- Clipboard
- Download
- Markdown
- HTML
- Raw HTML
- ODF (Beta)
Sharing
View mode
- Edit mode
- View mode
- Book mode
- Slide mode
Note Permission
Read
- Owners
- Signed-in users
- Everyone
Write
- Owners
- Signed-in users
- Everyone
More (Comment, Invitee)
Related news
CVE-2022-29655: Wedding Management System Unrestricted File Upload + Remote Code Execution
An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.